
MB-57e553f0c2be4b13070b1c302a62e2d21e4060f7a91d5ba4ee484ca0e08c490a high

📛 Threat Title

Unknown: iran.m68k

Category: Unknown. Source: Abuse.ch

Description

File type: elf. Size: 150240 bytes. Tags: elf. Reporter: abuse_ch. First seen: 2026-06-13 15:09:48.

Remediations (10)

  • web:doc.rust-lang.org

    m68k-unknown-none-elf. Tier: 3. Bare metal Motorola 680x0. Target Maintainers: @knickish. Requirements: This target requires an m68k build environment for cross-compilation which is available on Debian, Debian-based systems, openSUSE, and other distributions. The gnu linker is currently required, as lld has no support for the m68k architecture. On Debian-based systems, it should be sufficient to ...

  • web:unit42.paloaltonetworks.com

    For details on Unit 42's previous observations of cyber activity linked to Iran-backed groups and hacktivists, see the Threat Brief: Escalation of Cyber Risk Related to Iran (Updated June 30).

  • web:urlhaus.abuse.ch

    Payload delivery The table below documents all payloads that URLhaus retrieved from this particular URL.

  • web:www.cisa.gov

    For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework. Learn more about ...

  • web:www.cyfirma.com

    MuddyWater is an APT group assessed to be affiliated to the Iranian Government, that targets victims in the Middle East with in-memory vectors leveraging on PowerShell, in a family of attacks now identified as "Living off the land", as they don't require the creation of new binaries on the victim's machine, thus maintaining a low detection profile and a low forensic footprint. The ...

  • web:www.fbi.gov

    The FBI further assesses these Iran-based cyber actors are associated with the Government of Iran (GOI) and—separate from the ransomware activity—conduct computer network exploitation activity ...

  • web:www.ic3.gov

    Iranian-affiliated cyber actors and aligned hacktivist groups often exploit targets of opportunity based on the use of unpatched or outdated software with known Common Vulnerabilities and Exposures (CVEs) or the use of default or common passwords on internet-connected accounts and devices. (Note: See CISA's Known Exploited Vulnerabilities Catalog for more information on vulnerabilities that ...

  • web:www.joesandbox.com

    Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Sample deletes itself; Detected TCP or UDP traffic on non-standard ports; Enumerates processes within the "proc" file system; Sample has stripped symbol table; Tries to connect to HTTP servers, but all servers are down (expired dropper behavior); Uses the "uname" system call to query kernel ...

  • web:www.sentinelone.com

    A vulnerability remediation program helps you identify, analyze, prioritize, and eliminate security weaknesses before cyber attackers could exploit them.

  • web:www.spinics.net

    M68K Devel for Linux: [PATCH 6.8 102/158] serial/pmac_zilog: Remove flawed mitigation for rx irq flood

Indicators of Compromise (3)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.

hash_sha256 57e553f0c2be4b13070b1c302a62e2d21e4060f7a91d5ba4ee484ca0e08c490a

IOC database

Type: hash_sha256
Value: 57e553f0c2be4b13070b1c302a62e2d21e4060f7a91d5ba4ee484ca0e08c490a
Attached to this threat
Appears in: 1 threat
Description: Unknown

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC.

hash_sha1 4d569bfdb333977e4cce22a5848f740c93383994

IOC database

Type: hash_sha1
Value: 4d569bfdb333977e4cce22a5848f740c93383994
Attached to this threat
Appears in: 1 threat

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC.

hash_md5 f8e0736e2946720ca3e11837de8dbd81

IOC database

Type: hash_md5
Value: f8e0736e2946720ca3e11837de8dbd81
Attached to this threat
Appears in: 1 threat

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC.

References (1)

  • MalwareBazaar sample page Abuse.ch

